Sunday, March 19, 2006

This may not be a “post,” more like a semi-post -- musings on two uses of microelectromechanical sensors (MEMs) that are in varying states of development.

MEMsare mechanical devices that range in size from a micrometer to a millimeter and are manufactured using any of several different technologies. MEMs have many hypothesized uses, but I want to focus on two which illustrate how advances in technology can erode privacy in ways we have never before had to think about.

One hypothesized use of MEMs is to create “smart dust.” The notion of smart dust has been around for years, but developers are increasingly on their way to making it a reality. Basically, smart dust is a network of MEMs devices “installed with wireless communications, that can detect anything from light and temperature, to vibrations, etc.” “Smart Dust,” Wikipedia.The ultimate goal of those engaged in developing smart dust is to “combine communication, computation, and sensing into a single tiny package.” The smart dust motes would be able to communicate not only with a base station operated by humans, but with each other; the dust motes would become a distributed computer network with, some contend, a distributed intelligence comparable to that found among ants, bees or other social insects.

Smart dust could be scattered around a building or other area where it could track the movements of individuals and/or detect the presence of chemicals or other noteworthy substances. Smart dust motes could also be released into the atmosphere inside a building or other structure; the motes would be light enough to float and would be, for all intents and purposes, indistinguishable from regular dust motes. Unlike regular dust motes, however, the smart dust motes would be collecting information from inside the building and sharing that information with an external base station manned by humans.

The other, far-more hypothetical use of MEMs is to create “insect cyborgs” by implanting MEMs into moths and other insects. The MEMs would be surgically implanted when the insects are in the pupa stage of their development, midway between the larval and adult stages. The premise is that the insects would adapt their maturation process to accommodate the implanted MEMs, which would let human operators control the adult insects. Those engaged in this effort believe operators would be able to used the MEM-modified insects to detect bombs or other chemicals. They also believe the human operators would be able to control the insects’ movements, so that they could, for example, be directed to a particular location to monitor explosives or even human activities.

Both of these scenarios raise interesting, and disconcerting, possibilities for circumventing our ability to maintain our privacy. As I have explained elsewhere, privacy has historically been a bricks-and-mortar concept; our Fourth Amendment, for example, derives from the English maxim that "a man's home is his castle." It is this reverence for the privacy of a particular place, notably the home, that has led our Supreme Court to observe on numerous occasions that "the Fourth Amendment has drawn a firm line at the entrance to the house. Absent exigent circumstances, that threshold may not . . . be crossed without a warrant." Payton v. New York, 445 U.S. 573 (1980).

The Supreme Court was, of course, talking about the threshold's being crossed by police, not about what might drift in on air currents.

As I explained in an earlier post ("Cartapping," February 21, 2006), under the Katz test, the test the Supreme Court uses to implement Fourth Amendment privacy guarantees, I will

have a Fourth Amendment expectation of privacy in a place if I take efforts to protect that place from being "invaded" by law enforcement officers; and

not have such an expectation if I do not effectively protect that place from being "invaded" by law enforcement officers.

So, as I explain to my students, I have a Fourth Amendment expectation of privacy in what occurs inside my home if I close the doors, close the curtains and otherwise protect the interior of my home from observations by members of the public and/or law enforcement officers who are physically located in the public areas outside my home.

How do we apply this test to smart dust and insect cyborgs? Does it mean that to have a Fourth Amendment expectation of privacy do I have to completely eradicate dust and insects from my home? We all, of course, make an effort to eliminate dust and insects, but until now that was a product of our desire for cleanliness and sanitation . . . not a matter of constitutional import.

Wednesday, March 15, 2006

A federal prosecution that was brought about a decade ago and that ultimately went to the Sixth Circuit Court of Appeals raises some difficult issues about whether we can outlaw the posting of certain types of information on the Internet.

The case did not involve the usual categories of problematic material, like child pornography or libel or bomb-making instructions or classified information. Instead, it involved fantasy . . . more specifically, fantasy about a real person.

The case is United States v. Abraham Jacob Alkhabaz a/k/a Jake Baker, 104 F.3d 1492 (6th Cir. 1997). In the fall of 1994, Alkhabaz, who had apparently used his mother's name (Baker) for years, was an undergraduate at the University of Michigan. In October, Baker began submitting stories depicting the rape, torture and murder of young women to the alt.sex.stories usenet group. One of the stories depicted -- in graphic detail -- the rape, torture and murder of one of his classmates, a woman I will call Jane Doe. This story, like the other stories Baker posted, are notable both for the extreme violence they depict (such as raping their victim with a hot curling iron or hanging her upside down, cutting her with a knife, pouring gasoline over her and setting her on fire), but for the sadistic enjoyment the writer seems to take from the victim's pain. One of the stories is quoted in the dissent in the Sixth Circuit case.

The story came to the attention of University of Michigan authorities, who contacted the police. When the police searched Baker's computer, they found more stories; they also found an email correspondence Baker had maintained with a Canadian known as Arthur Gonda. The emails outlined a plan by which the two men would meet in real-life, abduct a young woman and carry out the fantasies depicted in Baker's stories and his emails to Gonda. The police apparently believed Baker and Gonda represented a threat to potential victims, and so they brought in the FBI, who arrested Baker and brought an initial complaint charging him with sending threats via interstate commerce. A grand jury later indicted Baker on the same charges.

The charges were brought under section 875(c) of Title 18 of the U.S. Code. Section 875(c) makes it a federal crime to transmit "in interstate or foreign commerce any communication containing any threat to kidnap any person or to injure the person of another". Baker moved to dismiss the charges against him, arguing that while he had sent communications via interstate commerce, neither his alt.sex.stories postings nor his emails to Gonda constituted "threats" to kidnap and/or injure another person. The district court agreed, and dismissed the charges. The government then appealed the dismissal to the Sixth Circuit Court of Appeals, which takes us to the decision I cited earlier.

With one judge dissenting, the Sixth Circuit upheld the dismissal. Like the district court judge, these judges found that while Baker's stories were sadistic and disturbing, they did not constitute "threats" and were therefore protected speech under the First Amendment. They explained that to constitute a "threat," a communication must "be such that a resonable person . . . would take the statement as a serious expression of an intention to inflict bodily harm". They also found that to constitute a threat, such a communication must be such that a reasonable person would perceive it as being communicated "to effect some change or achieve some goal through intimidation". One judge dissented, primarily because he did not believe a "threat" requires the second element, i.e., requires a purpose to use intimidation to achieve some end. (This judge was also clearly disturbed by the content and tone of Baker's stories and emails.)

I don't particularly like Baker's stories and emails, but I agree with the Sixth Circuit majority: I don't think they constituted threats. There is absolutely no indication that Baker ever meant for the classmate whom he wrote about to see his stories or emails. That, to me, establishes that his various missives could not constitute a "threat," at least not as the term has always been defined. My new Chambers Dictionary (9th ed.) defines threat as "a declaration or indication of an intention to inflict harm" on someone. Threats are usually communicated to the victim, either directly or indirectly; they are often part of a course of conduct that may eventually culminate in the threatener's carrying through, and harming or killing the victim. In that sense, they are an act of preparation -- part of the process by which the threatener cranks himself/herself up to actually harm the person who has become the object of his/her hostility. In another sense, a threat is a promise -- a promise to do someone harm in the uncertain future.

Baker made no effort to share the scenarios he laid out in his stories and emails with the woman he identified as the victim of some of those scenarios. (He apparently targeted different women in some of the scenarios.) He did "publish" some of them on the Internet, which is, as far as I can determine, how the classmate featured in some of the scenarios discovered what he had written. But he made no attempt to direct the scenarios at the women featured in them; Baker would later claim the stories were pure fantasy -- a form of therapy. He apparently argued that he was role-playing in the stories and in his emails with Gonda, and he never had any intention of actually carrying out the horrors he was describing.

I can't venture an opinion on that, though I gather Baker has lived a quite, uneventful life since all of this happened. I'm not interested in Baker, though; what I find interesting is the difficult issues raised by the facts in this case.

A few years ago, when I first began working on cybercrime, a police officer who had been dealing with computer crime for a while posed this hypothetical (I think it was a hypothetical) to me: Assume an apartment complex, a typical apartment complex in any city in the U.S. (or anywhere else, for that matter). A man (John) who is skilled in the use of computer technology lives in the complex, as does a young woman (Mary) whom he finds attractive. John asked Mary out several times, but she turned him down. This angered John.

John surreptitiously videotapes Mary as she walks to and from her car on several occasions. This gives him a range of images of her. He then uses computer technology to alter a video he has obtained; the video depicts a young woman being violently raped, murdered or both (take your pick). John uses his computer expertise and the images he has captured of Mary to alter the video so that it now appears it is Mary who is being raped/murdered/both. John then posts the altered video to a website, where it plays endlessly. Mary learns about the website, watches the video and is horrified.

The question the police officer posed to me was, "Has John committed a crime?"

Good question. It seems to me that under the holding in Alkhabaz, John has not "threatened" Mary. He did not send the video to her, he posted it online. Like Baker's scenarios, John's video is a fantasy, a violent, graphic fantasy that happens to feature a real person, but still a fantasy.

Mary might argue that John is stalking her, but under stalking law (I'll get to that someday), the crime generally requires both (i) a credible threat to cause physical injury to the victim and (ii) a continuing course of conduct directed at the victim. Under Alkhabaz, we don't have a credible threat of physical injury to Mary; and I don't think we have a continuing course of conduct directed at her, either. The requirement goes to things like repeatedly following the victim, or repeatedly calling or emailing her/him. Mary might argue that the repeated playing of the video online satisfies this requirement; the problem with that argument, though, is that the video is not directed at her. Like Baker's fantasies, this video fantasy is being broadcast to the world.

Thankfully, I haven't seen this virtual-rape/murder hypothetical occur in reality. But I wonder how law enforcement and the law would react if we were to see someone carry out a version of the hypothetical in real-life. What recourse, if any, would someone have if they were unwillingly featured in a fantasy or fantasies someone else posted online?

The chances of criminal prosecution would, I think, be slim or non-existent. As I explain above, I don't think the conduct would be prosecuted either as a threat or as stalking; it might constitute harassment, but that, too, tends to require conduct that is directed at the ostensible victim of the harassment. If John were charged with harassment, he could claim that the material he posted online was "art," was speech he posted to share with the world.

Mary might try suing for defamation, but I doubt John would have enough money to make it worth her while or, more importantly, to pay the fees of the attorney she would need to pursue such action. Defamation is a crime in some states, but it is seldom prosecuted, and I am not sure that John's "fantasy" would qualify as defamation, anyway.

The Jake Baker case and this hypothetical both illustrate the difficult issues that can arise when the modes of publication are no longer controlled exclusively by corporate entities (television networks, newspaper and magazine publishers, stations) which would never publish Baker's scenarios or play John's video.

Tuesday, March 14, 2006

The notion of "trash" is pretty straightforward in the real-world: Whenever we have finished using something or are tired of it, we discard it . . . by putting it in a public "rashcan, in plastic trash bags or in the kinds of trash containers many garbage pickup services require. Once our discards have been formally deposited in the trash -- by whatever means -- they will be taken away by the public or private services that are in charge of ridding our real, physical world of refuse.

The notion of "trash" is not so straightforward when it comes to "computer trash" . . . to the data we delete from our desktops, laptops, servers, etc. In this post, I want to talk about the conceptual problems "computer trash" poses for the application of our Fourth Amendment prohibition on unreasonable searches and seizures.

In California v. Greenwood, 486 U.S. 35 (1988), the U.S. Supreme Court held that we have no Fourth Amendment expectation of privacy in trash we put outside our residences to be collected by a trash-collection service. Billy Greenwood packaged his trash in opaque plastic trash bags and left them at the curb for collection. Police arranged for the trash collection service to pick up his trash and turn it over to them; when police searched Greenwood's trash, they found evidence of drug use. Police used this evidence to get a warrant to search Greenwood's home, where they found "quantities of cocaine and hashish." Based on this, Greenwood was charged with felony drug offenses.

Greenwood argued that the charges against him were improper because they were based on what he claimed was an illegal "search" under the Fourth Amendment. He claimed he had had a legitimate Fourth Amendment expectation of privacy in the trash he put out to be collected by the local trash service. As I explained in an earlier post, a Fourth Amendment "search" occurs only if police violate a "reasonable expectation of privacy," i.e., a subjective expectation of privacy that we, as a society, are prepared to regard as objectively reasonable. Greenwood claimed (i) that he believed his trash was private and (ii) that this belief is held generally by U.S. citizens. He concluded, therefore, that his trash was private, which meant that the local police engaged in an unlawful "search" when they went through his garbage.

Unfortunately for Greenwood, the Supreme Court disagreed. They held that citizens have no Fourth Amendment expectation of privacy in trash when, as was true here, it is intentionally put outside their home to be picked up by a garbage collection service. The Court held that it was completely unreasonable for Greenwood to argue that he had a constitutionally cognizable expectation of privacy in trash he had left outside where it was "readily accessible to animals, children, scavengers, snoops and other members of the public."

This brings us to "computer trash:" I am writing this post on my laptop. In the course of composing it, I have on several occasions deleted text I had meant to include. Earlier, I finished drafting a chapter for a new book on cybercrimes; in the course of writing that chapter, I deleted whole sections of the original version of the chapter.

What is that deleted text? Is it "trash," in the Greenwood sense? Under the Supreme Court's interpretation of the Fourth Amendment, I have a cognizable Fourth Amendment expectation of privacy in the contents of my computer's hard drive. The courts have analogized hard drives to opague containers, like footlockers or desk drawers; we have a Fourth Amendment expectation of privacy in containers such as these because the contents are not clearly visible to anyone who happens to be in the room with them. The fact that a laptop containing a hard drive or a footlocker or a desk is in the room is clearly visible, so we have no Fourth Amendment expectation of privacy in those facts. We do, however, have an expectation of privacy in the contents of those containers . . . which means law enforcement officers have to get a search warrant (or my consent) to "open" them and look through their contents.

Okay, it's clear that police have to get a search warrant to search my laptop. But what does the warrant cover? Is there a distinction between the files I have saved and those I have deleted? Is there such a concept as "computer trash" or do all the files on my hard drive enjoy the same status as far as the Fourth Amendment is concerned?

This issue has come up in several lower court cases in which defendants claimed that deleted data is actually entitled to more Fourth Amendment protection that the data I have elected to preserve -- the non-trash data on my hard drive.

The case I find most interesting in this respect is People v. Weaver, 2003 WL 22183746 (Cal. App. 6th Dist. - 2003). The police had obtained a warrant to search Weaver's home computer for pornographic material, based on allegations of sexual abuse made by a teenaged boy; the boy claimed, among other things, that had used his computer to show the boy sexually-explicit images. It was clear that the search warrant was supported by probable cause which was obtained quite independently of anything on Weaver's computer. The issue in the case was whether the execution of the search warrant was flawed, and therefore violated the Fourth Amendment.

Weaver's attorney moved to suppress some of the evidence the police computer forensics expert obtained from the hard drive of Weaver's computer on the grounds that the expert's analysis of the hard drive went too far -- that it exceeded the permissible scope of the warrant. Weaver's attorney conceded that the search warrant allowed the expert to examine the hard drive for the pornographic material noted above, but claimed that the expert went "too far" when he used a "special program" to access files Weaver had deleted.

Weaver's attorney argued, essentially, that the search warrant allowed the computer forensics expert to search the hard drive for data that would have been visible to anyone who sat down at the computer and searched through the files it overtly contained. In other words, the attorney argued that the search warrant let the police do only what any ordinary citizen could do: to look through the files Weaver had saved and stored in various directories on the hard drive. As the attorney pointed out, the average citizen would not have been able to view or otherwise access the data Weaver had deleted from his hard drive; doing this require the use of special software.

Weaver's attorney specifically argued that the deleted data was outside the scope of the warrant and was therefore unavailable to the police unless and until they obtained a second warrant, one that specifically authorized them to resuscitate and view data Weaver had deleted from his hard drive. I think this is a very interesting argument: The Greenwood Court held that Billy Greenwood had no Fourth Amendment expectation of privacy in his real-world trash because he put it out at the curb, where it was readily accessible to any ordinary citizen. Weaver's attorney argued that he had such an expectation of privacy in the data he had deleted because he had, in effect, taken steps to make that data inaccessible to any ordinary citizen who might gain access to his hard drive.

Weaver lost: The California Court of Appeals found, among other things, that the program the computer forensics expert used to access the deleted data was not sophisticated software but was, instead, a "free download from the Internet."

The California Court of Appeals issued its decision in 2003, which means that the search of Weaver's computer probably occurred several years before . . . when computer technology was even less evolved than it was in 2003. I have not seen anyone else try this argument, but I think it could be interesting if someone did.

In Kyllo v. United States, 533 U.S. 27 (2001), the U.S. Supreme Court held that it is a "search" under the Fourth Amendment for law enforcement officers to use technology that is not "in general public usage" to locate evidence. I have always assumed that Weaver's lawyer was making a Kyllo argument, but the case is not cited in the Weaver opinion. I wonder what a court would do if a defendant made a clear Kyllo argument . . . arguing that he/she had deleted data and that the police used technology that is not "in general public usage" to recover it. My sense is that the programs police computer forensics experts currently use to restore deleted data is not something the average, ordinary citizen would know about, let alone have access to and know how to use to restore data deleted from a hard drive.

That at least raises the rather peculiar possibility that we may, just may, have more privacy in our "computer trash" than in the trash we discard in the real-world.

Saturday, March 11, 2006

The Fourth Amendment to the U.S. Constitution guarantees that "the right of the people" to be free from "unreasonable searches and seizures" shall not be violated.

A long time ago, the U.S. Supreme Court held that this amendment (unlike, say, the Fifth Amendment) applies only to searches and seizures that are conducted either (i) in the territorial United States or (ii) outside the United States against U.S. citizens. Under this interpretation of the Fourth Amendment, therefore, it does not violate the U.S. Constitution for U.S. law enforcement officers to search and seize property that is located outside the U.S. and that belongs to someone who is not a U.S. citizen.

I have some reservations about this interpretation of the Fourth Amendment as it applies to real-world searches, but it becomes especially problematic when we get into searches and seizures that involve networked computers. To illustrate what I mean, I want to use an investigation (and prosecution) that occurred several years ago.

In this case, businesses around the U.S. were being attacked by anonymous perpetrators whose favorite tactic was to gain unauthorized access to a business' computer system, steal credit card data or other sensitive information and attempt to extort money from the business by threatening to release the information publicly. The unknown perpetrators "also defrauded PayPal through a scheme in which stolen credit cards were used to generate cash and to pay for computer parts purchased from vendors in the United States." U.S. Department of Justice Press Release. The investigation would reveal that the perpetrators had taken control of many computers, including the computer system owned by a Michigan school district, and used them in the PayPal fraud scheme. U.S. Department of Justice Press Release.

The FBI identified the perpetrators were Alexey Ivanov and Vasiliy Gorshkov, two young men from Chelyabinsk, Russia, and asked the Russian authorities to extradite them. Extradition is the formal process by which one country (Country A) turns a suspect over to another country (Country B) to be prosecuted for crimes committed against that country or its citizens. There is no obligation to extradite a suspect unless the two countries are parties to an extradition treaty. Since the U.S. does not have an extradition treaty with Russia, Russian authorities refused to turn Gorshkov and Ivanov over to the FBI.

Frustrated, the FBI decided to use a sting to get Gorshkov and Ivanov. The FBI created a fake computer security company called "Invita" in Seattle and invited Gorshkov and Ivanov to come to Seattle to interview for jobs with the company. Gorshkov and Ivanov eventually agreed, arriving in Seattle on November 10, 2000. They were taken to the "Invita" offices, where there were interviewed and then asked to demonstrate their hacking skills, using a test network created by the FBI. In so doing, Gorshkov and Ivanov accessed files on two computer servers located in Russia in order to obtain tools they needed to break into the test network.

What neither Gorshkov nor Ivanov knew is that the FBI had installed a keystroke logger on the computers they used to break into the test network; it recorded the usernames and passwords they used to gain access to the servers in Russia. FBI agents arrested Gorshkov and Ivanov after they broke into the test network, and then used their usernames and passwords to access the Russian servers. After conducting a complete search of the files on both servers, FBI agents downloaded 1.3 gigabytes of data. They did all of this without a warrant; the agents did obtain a search warrant before they examined the files, which were stored on computers in Seattle.

Gorshkov and Ivanov were charged with various federal crimes, including computer theft and extortion. Gorshkov moved to suppress the evidence the FBI had obtained by accessing the Russian servers, arguing that the agents' conduct violated "our" Fourth Amendment. Applying the standard outlined above, the District Court judge denied the motion, holding that the Fourth Amendment did not apply to

"the agents' extraterritorial access to computers in Russia and their copying of data contained thereon. First, the Russian computers are not protected by the Fourth Amendment because they are property of a non-resident and located outside the territory of the United States. . . . [T]he Fourth Amendment does not apply to a search or seizure of a non-resident alien's property outside the territory of the United States. In this case, the computers accessed by the agents were located in Russia, as was the data contained on those computers. . . . Until the copied data was transmitted to the United States, it was outside the territory of this country and not subject to the protections of the Fourth Amendment."

United States v. Gorshkov, 2001 WL 1024026 (W. D. Wash. 2001).

As I said, I have some general problems with the notion that "our" Fourth Amendment does not apply to real-world searches, such as when our law enforcement officers abduct someone from another country and bring them here for trial. I am willing to assume that we cannot require our law enforcement agents literally to comply with the Fourth Amendment when they are searching for evidence or suspects in another country; it would, I imagine, be impossible for them to obtain a search or arrest warrant that would meet our requirements in most other countries. But why can't they obtain a warrant from a U.S. court and then execute it abroad? The warrant would not be legally binding in the country in which the U.S. agents act, but it would ensure that their actions comport with the requirements of our law.

Our courts have never addressed this possibility because extra-territorial searches and seizures have been defined as outside our Constitution for well over a century. This definition is the product of the historical conception of sovereignty, which linked the applicability of law with one's presence in the territory of a specific sovereign. In Fong Yue Ting v. United States, 149 U.S. 698 (1893), for example, the U.S. Supreme Court said that the U.S. "constitution has no extraterritorial effect, and those who have not come lawfully within our territory cannot claim any protection from its provisions". And that approach still makes a great deal of sense; we cannot, for example, extrapolate our law outside our territory, so that we require law enforcement officers in Canada to give Miranda warnings to those whom they arrest.

The trouble with networked computer searches and seizures is that they may not occur "in" the territory of a single sovereign nation. In the Gorshkov-Ivanov case, the process the FBI agents used to obtain the data from the Russian computers involved actions that, I think, occurred in at least two nations:

The FBI agents initiated the search and seizure from the United States, when they began the process of communicating with the Russian servers.

Once the agents gained access to and began searching the Russian servers, their actions occurred "in" Russia.

The agents' compiling the data they would download to their computers also occurred "in" Russia.

The agents' initiating the download occurred "in" Russia.

The arrival of the data on the Seattle computers occurred "in" the United States.

What do we do with situations such as this, in which the conduct involved in executing a search for and seizure of evidence occurs both "in" the United States and "in" another country?

Situations such as this are not encompassed by the holdings of the Supreme Court cases which have held that "our" Fourth Amendment does not apply to extra-territorial searches and seizures directed at property owned by non-U.S. citizens. Those cases all addressed law enforcement activity which took place entirely in another country (except for the process of bringing evidence and/or a suspect back into the United States). They did not deal with remote searches and/or searches, because they were not possible until very recently.

I do not think the Supreme Court's extraterritorial search holdings should apply to transnational computer searches, like the one in the Gorshkov-Ivanov case. I think there are two reasons why we should treat transborder computer searches and seizures differently.

One is that the law enforcement conduct in these searches/seizures does not take place entirely outside the territorial boundaries of the United States. Our experience with this type of activity is still in its infancy, but I think it is reasonable to assume that the default scenario will be the one we saw in the Gorshkov-Ivanov case -- a situation in which law enforcement officers launch a search/seizure from within the United States that is directed at data located in another country (or other countries). Since the officers are physically located in the United States, I think U.S. law should govern their actions. This result is consistent with the rather formulaic equation that equates the applicability of law with presence in a sovereign's territory; it is also consistent with the premise that our officers must abide by "our" law when they are in the United States.

The other reason is that in this scenario U.S. law enforcement officers can comply with U.S. law, specifically, with the requirements of the Fourth Amendment. It may be unreasonable to require U.S. officers to obtain a U.S. search warrant before they search, say, a building in Chile in an effort to locate evidence of illegal drug-dealing; aside from anything else, the logistics involved in obtaining such a warrant have traditionally made this impracticable. If, however, the officers are physically located in the U.S., there seems to be no reason why they cannot obtain a warrant authorizing the actions they intend to take in the course of conducting a transborder computer search for evidence.

Such a warrant would have no legal effect in the country (or countries) that were targeted by the search, but it might at least communicate to those countries that we were according them the same measure of respect we would accord property owned by our citizens and/or located in our own country.

If that had been done, it might have mitigated the hard feelings that resulted from the FBI's actions in the Gorshkov-Ivanov case. In August of 2002, the Russian Federal Security Service charged one of the Invita FBI agents with hacking in violation of Russian law. The Russians in effect charged the agent with doing what Gorshkov and Ivanov had done: gaining access to computers without being authorized to do so. I've read the Russian hacking statute, and I think the charge was well-grounded. The FBI agents did not have Gorshkov's or Ivanov's permission to use their passwords to access the Russian servers; there access was, therefore, unlawful.

The Russians asked the U.S. Department of Justice to turn the agent over for prosecution, at least twice. They received no response to either request. When they were asked why they bothered, knowing the U.S. would not turn the agent over, they said they brought the charges as a symbolic gesture . . . as a way of protesting what they saw as illegal activity by the FBI.

I do not think this is any way to run a global law enforcement environment.